Date: Wed, 22 Feb 2023 18:24:48 GMT
Message-Id: <202302221824.31MIOmTt058239@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Gleb Popov Subject: git: 44b00ffe5fb0 - main - ports-mgmt/rc-subr-jail: + Shell library to help writing jailed rc services. List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-all@freebsd.org X-BeenThere: dev-commits-ports-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: arrowd X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 44b00ffe5fb01943fb830ebcc58d933593c7a0cb Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by arrowd: URL: https://cgit.FreeBSD.org/ports/commit/?id=44b00ffe5fb01943fb830ebcc58d933593c7a0cb commit 44b00ffe5fb01943fb830ebcc58d933593c7a0cb Author: Gleb Popov AuthorDate: 2023-02-05 21:02:43 +0000 Commit: Gleb Popov CommitDate: 2023-02-22 18:24:43 +0000 ports-mgmt/rc-subr-jail: + Shell library to help writing jailed rc services. This library follows the declarative style of Ports Makefiles - as much as possible functionality is implemented as knobs. Differential Revision: https://reviews.freebsd.org/D38394 --- ports-mgmt/Makefile | 1 + ports-mgmt/rc-subr-jail/Makefile | 24 ++++++ ports-mgmt/rc-subr-jail/distinfo | 1 + ports-mgmt/rc-subr-jail/files/rc.subr.jail | 129 +++++++++++++++++++++++++++++ ports-mgmt/rc-subr-jail/pkg-descr | 3 + 5 files changed, 158 insertions(+) diff --git a/ports-mgmt/Makefile b/ports-mgmt/Makefile index 25aca9847b2d..1a2f123dc7d3 100644 --- a/ports-mgmt/Makefile +++ b/ports-mgmt/Makefile @@ -72,6 +72,7 @@ SUBDIR += py-FreeBSD-ports SUBDIR += py-pytoport SUBDIR += py-skog + SUBDIR += rc-subr-jail SUBDIR += reprise SUBDIR += sccache-overlay SUBDIR += synth 
diff --git a/ports-mgmt/rc-subr-jail/Makefile b/ports-mgmt/rc-subr-jail/Makefile new file mode 100644 index 000000000000..40bca73902ef --- /dev/null +++ b/ports-mgmt/rc-subr-jail/Makefile @@ -0,0 +1,24 @@ +PORTNAME= rc-subr-jail +PORTVERSION= 1 +CATEGORIES= ports-mgmt +MASTER_SITES= # +DISTFILES= # +EXTRACT_ONLY= # + +MAINTAINER= arrowd@FreeBSD.org +COMMENT= Shell library to help writing RC scripts with jail support +WWW= https://cgit.freebsd.org/ports/tree/ports-mgmt/rc-subr-jail + +LICENSE= BSD3CLAUSE + +NO_ARCH= yes +NO_BUILD= yes +NO_MTREE= yes + +PLIST_FILES= share/rc-subr-jail/rc.subr.jail + +do-install: + @${MKDIR} ${STAGEDIR}${DATADIR} + ${INSTALL_DATA} ${PATCHDIR}/rc.subr.jail ${STAGEDIR}${DATADIR}/rc.subr.jail + +.include diff --git a/ports-mgmt/rc-subr-jail/distinfo b/ports-mgmt/rc-subr-jail/distinfo new file mode 100644 index 000000000000..fc4b159bbb3d --- /dev/null +++ b/ports-mgmt/rc-subr-jail/distinfo @@ -0,0 +1 @@ +TIMESTAMP = 1675627821 diff --git a/ports-mgmt/rc-subr-jail/files/rc.subr.jail b/ports-mgmt/rc-subr-jail/files/rc.subr.jail new file mode 100644 index 000000000000..8dc5271405b3 --- /dev/null +++ b/ports-mgmt/rc-subr-jail/files/rc.subr.jail 
@@ -0,0 +1,129 @@ +# This file can be included in the RC script by adding following line: +# . %%LOCALBASE%%/share/rc-subr-jail/rc.subr.jail + +# The behavior of routines defined in this file are affected by the following +# global variables, which can be used in the same manner as Makefile knobs: + +# jail_copy_resolv_conf +# set this to "yes" to copy /etc/resolv.conf file into the jail being created + +# jail_copy_services +# set this to "yes" to copy /etc/services file into the jail being created + +# jail_copy_programs +# set this to a list of binaries, which should be copied into /bin directory +# of the jail. Dynamic libraries required by each program will be placed into +# the /lib directory of the jail + +# jail_mount_devfs +# set this to "yes" to mount a devfs filesystem under the /dev directory of the +# jail + +# jail_ip_inherit +# set this to "yes" to make "ip4=inherit" and "ip6=inherit" arguments to be +# passed to the jail + +# jail_prepare_inside_cmds +# set this to the shell command that will be run before starting the jail +# commands are run after changing directory into the jail's root + +# jail_nullfs_mounts +# set this to a list of triplets of "src_dir dst_dir opts" that will be passed +# to mount_nullfs +# make sure to pass either "ro" or "rw" as "opts" value + + +# prepare_jail jroot +# sets $jail_prepared_args that can be used in jail(4) invocation +# intended to be run during "start" command +prepare_jail() +{ + local jroot jargs + jroot="$1" + jargs="-c path=${jroot} " + + destroy_jail "$jroot" 2> /dev/null + + mkdir -p "$jroot" + + if [ "$jail_copy_resolv_conf" = "yes" ]; then + mkdir -p "$jroot/etc" + cp /etc/resolv.conf "$jroot/etc" + fi + if [ "$jail_copy_services" = "yes" ]; then + mkdir -p "$jroot/etc" + cp /etc/services "$jroot/etc" + fi + + local _prog _interp + for _prog in $jail_copy_programs; do + mkdir -p "$jroot/bin" + mkdir -p "$jroot/lib" + + cp "$_prog" "$jroot/bin" + ldd "$_prog" 2> /dev/null | cut -s -d " " -f 3 | grep -E 
'^(/lib|/usr)' | sort -u | xargs -I % cp % "${jroot}/lib/" + + _interp=$(file "$_prog" | grep -o '/libexec/ld-elf.so[0-9\.]*') + if [ "$_interp" ]; then + mkdir "$jroot/libexec" + cp "$_interp" "$jroot/libexec/" + fi + done + + if [ "$jail_mount_devfs" = "yes" ]; then + mkdir -p "$jroot/dev" + jargs="$jargs mount.devfs " + fi + if [ "$jail_ip_inherit" = "yes" ]; then + + if check_kern_features inet; then + jargs="$jargs ip4=inherit " + fi + if check_kern_features inet6; then + jargs="$jargs ip6=inherit " + fi + fi + + if [ "$jail_nullfs_mounts" ]; then + local _mnt_line + echo "$jail_nullfs_mounts" | xargs -n 3 | while read -r _mnt_line; do + local _src _dst _opts + _src=$(echo "$_mnt_line" | awk '{print $1}') + _dst=$(echo "$_mnt_line" | awk '{print $2}') + _opts=$(echo "$_mnt_line" | awk '{print $3}') + mkdir -p "$_dst" + mount_nullfs -o "$_opts" "$_src" "$_dst" + done + fi + + if [ "$jail_prepare_inside_cmds" ]; then + /bin/sh -c "cd \"$jroot\" && $jail_prepare_inside_cmds" + fi + + jail_prepared_args=$jargs +} + +# destroy_jail jail_root +# cleans up the jail, unmounts all filesystems and finally removes jail_root +# intended to be run during both "stop" and "start" commands +destroy_jail() +{ + local jroot + jroot="$1" + + if [ "$jail_mount_devfs" ]; then + rmdir "$jroot/dev" + fi + + if [ "$jail_nullfs_mounts" ]; then + local _mnt_line + echo "$jail_nullfs_mounts" | xargs -n 3 | while read -r _mnt_line; do + local _dst + _dst=$(echo "$_mnt_line" | awk '{print $2}') + umount "$_dst" + rmdir "$_dst" + done + fi + + rm -rf "$jroot" +} diff --git a/ports-mgmt/rc-subr-jail/pkg-descr b/ports-mgmt/rc-subr-jail/pkg-descr new file mode 100644 index 000000000000..e0f5cdccfe9a --- /dev/null +++ b/ports-mgmt/rc-subr-jail/pkg-descr @@ -0,0 +1,3 @@ +This port install a shell source intended to be included by rc scripts that +want to run services inside a jail. +
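Review bot: the do-install target in ports-mgmt/rc-subr-jail/Makefile should read the script from ${FILESDIR} rather than ${PATCHDIR}. Both default to the port's files/ directory, but FILESDIR is the variable meant for non-patch support files, so "${INSTALL_DATA} ${FILESDIR}/rc.subr.jail ${STAGEDIR}${DATADIR}/rc.subr.jail" states the intent and keeps working if PATCHDIR is overridden. Also note that the file is installed verbatim, so the "%%LOCALBASE%%" in its header comment reaches users unexpanded; either write the path out or run the file through SUB_FILES.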
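Review bot: in destroy_jail (files/rc.subr.jail), the exit status of umount "$_dst" is never checked before the function reaches rm -rf "$jroot". The knob documentation allows "rw" nullfs mounts, so if a destination lies below the jail root and the unmount fails (for example because the filesystem is busy), the recursive delete descends into the still-mounted tree and removes the contents of the host source directory. prepare_jail makes this harder to notice because it calls destroy_jail "$jroot" 2> /dev/null and discards the umount error. Suggest returning non-zero as soon as any umount fails and skipping the rm -rf in that case, and letting prepare_jail abort when destroy_jail fails. In the same function, the devfs test is [ "$jail_mount_devfs" ], which is true for any non-empty value including "no", while prepare_jail tests = "yes"; use the same comparison in both places.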
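Review bot: the first line of ports-mgmt/rc-subr-jail/pkg-descr has a grammar slip, "This port install a shell source" should read "This port installs a shell source". The hunk also ends with an empty added line, which can be dropped.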